Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for providing a security service from a security manager application to a software application on a computing device, the method comprising: providing a security manager application configured to provide a security service on a computing device, the computing device having at least one processor operatively coupled with a memory; providing a software application on the computing device, the software application having original, post-compile object code; and modifying the original object code of the software application to create replacement object code, the replacement object code configured for communication with the security manager application, the replacement object code comprising a policy engine configured to retrieve a security policy into the memory of the computing device and configured to process a command sent from a remote server that remotely locks the software application, disables the software application, or sets the software application to an initial, unused state.
2. The method of claim 1 , wherein the original object code is modified by at least one technique selected from the group consisting of introducing a dynamic library, introducing a static library introducing an additional load command, symbol replacement, pointer swizzling, and interposing.
3. The method of claim 1 , further comprising: generating, by the security manager application, a security artifact selected from the group consisting of authentication tokens, a key, a security credential, a single sign-on token, an identifier, a security policy, a security command, a security configuration, a session handle, a session token, and a secure communications channel, and transmitting the security artifact from the security manager application to the software application in response to a request of the security service.
4. The method of claim 1 , further comprising: converting the original object code from a signed form to an unsigned form before the modifying; and converting the replacement object code from an unsigned form to a signed form after the modifying.
5. The method of claim 1 , wherein the computing device is a mobile device.
6. The method of claim 1 , wherein the modifying includes modifying at least one of a programmatic interface, a class, an object, and a function.
7. The method of claim 1 , wherein the security policy is retrieved from a server that is remote from the computing device.
8. The method of claim 1 , wherein the security manager application, responsive to a request of the security service, facilitates the security service if the software application is signed with a public key infrastructure (PKI) key.
9. The method of claim 1 , wherein the security manager application is responsive to a registration request from the software application to establish application trust, the security manager application: prompting a user to input an application registration passcode; and generating a key to establish application trust using the application registration passcode to facilitate the security service provided by the security manager application to the software application.
10. The method of claim 1 , further comprising: generating an application data protection key, the application data protection key encrypted and decrypted by a corresponding data protection root key maintained with the security manager application.
11. A machine-readable non-transitory storage medium embodying information indicative of instructions for providing a security service from a security manager application to a software application on a computing device, the instructions comprising: providing a security manager application configured to provide a security service on a computing device, the computing device having at least one processor operatively coupled with a memory; providing a software application on the computing device, the software application having original, post-compile object code; and modifying the original object code of the software application to create replacement object code, the replacement object code configured for communication with the security manager application, the replacement object code comprising a policy engine configured to retrieve a security policy into the memory of the computing device and configured to process a command sent from a remote server that remotely locks the software application, disables the software application, or sets the software application to an initial, unused state.
12. The medium of claim 11 , wherein the original object code is modified by at least one technique selected from the group consisting of introducing a dynamic library, introducing a static library introducing an additional load command, symbol replacement, pointer swizzling, and interposing.
13. The medium of claim 11 , further comprising: generating, by the security manager application, a security artifact selected from the group consisting of authentication tokens, a key, a security credential, a single sign-on token, an identifier, a security policy, a security command, a security configuration, a session handle, a session token, and a secure communications channel, and transmitting the security artifact from the security manager application to the software application in response to a request of the security service.
14. The medium of claim 11 , further comprising: converting the original object code from a signed form to an unsigned form before the modifying; and converting the replacement object code from an unsigned form to a signed form after the modifying.
15. The medium of claim 11 , wherein the security manager application is responsive to a registration request from the software application to establish application trust, the security manager application: prompting a user to input an application registration passcode; and generating a key to establish application trust using the application registration passcode to facilitate the security service provided by the security manager application to the software application.
16. A computer system executing instructions in a computer program for providing a security service from a security manager application to a software application on a computing device, the system comprising: at least one processor; and a memory operatively coupled with the processor, the processor executing program code from the memory comprising: program code for providing a security manager application configured to provide a security service on a computing device, the computing device having at least one processor operatively coupled with a memory; program code for providing a software application on the computing device, the software application having original, post-compile object code; and program code for modifying the original object code of the software application to create replacement object code, the replacement object code configured for communication with the security manager application, the replacement object code comprising a policy engine configured to retrieve a security policy into the memory of the computing device and configured to process a command sent from a remote server that remotely locks the software application, disables the software application, or sets the software application to an initial, unused state.
17. The system of claim 16 , wherein the original object code is modified by at least one technique selected from the group consisting of introducing a dynamic library, introducing a static library introducing an additional load command, symbol replacement, pointer swizzling, and interposing.
18. The system of claim 16 , wherein the program code further comprises: program code for generating, by the security manager application, a security artifact selected from the group consisting of authentication tokens, a key, a security credential, a single sign-on token, an identifier, a security policy, a security command, a security configuration, a session handle, a session token, and a secure communications channel, and program code for transmitting the security artifact from the security manager application to the software application in response to a request of the security service.
19. The system of claim 16 , wherein the program code further comprises: program code for converting the original object code from a signed form to an unsigned form before the modifying; and program code for converting the replacement object code from an unsigned form to a signed form after the modifying.
20. The system of claim 16 , wherein the security manager application is responsive to a registration request from the software application to establish application trust, the security manager application having program code comprising: program code for prompting a user to input an application registration passcode; and program code for generating a key to establish application trust using the application registration passcode to facilitate the security service provided by the security manager application to the software application.
Unknown
February 7, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.